A regional healthcare provider experienced the loss of 230 patient records. The risk manager intended to notify patients of the breach (as well as the State Attorney General) and offer credit monitoring. Before he took that step, he accessed the eRisk Hub and contacted the Breach Coach (Legal counsel). The Breach Coach advised him that-based on the type and amount of data lost - The organization had no duty to report the incident or notify potential victims. The organization saved thousands of dollars in notification and credit monitoring costs.

The senior risk manager at Fortune 500 internet retailer wanted to reduce the company's hefty cyber insurance policy premiums. NetDiligence performed a comprehensive cyber risk assessment that included a comprehensive baseline survey, vulnerability scan of the internet-facing environment, and a set of two-day in-person interviews with key security, network, application development, DR/BCP, intellectual property lawyers and privacy leaders. The extensive report, which included suggestions for improvements, enabled the risk manager to secure competitive quotes from several insurance carriers and select an offering that saved the company tens of thousands of dollars annually over their prior policy coverage.

A non-profit healthcare service organization did not have the financial resources to employ a dedicated information security officer/team, leaving responsibility for strategic and tactical information security functions with members of the moderate-sized IT department. Because overlapping responsibilities in these kinds of settings tend to lead to gaps in security-related requirements - favoring tactical/operational tasks over strategic/planning obligations - the organization found itself "technology rich" but "planning poor". NetDiligence's onsite assessment helped illuminate the policy and process gap areas and served as a near-term guidepost for resolving them.

An international holding company with a variety of far-flung retail subsidiaries did not possess an enterprise-wide information security program - and did not have a particularly accurate idea of what each of their subsidiaries was doing with regard to protecting sensitive customer information. NetDiligence conducted conference calls with each of the subsidiaries to obtain a baseline of their practices and offer suggestions for improvements. NetDiligence was able to identify areas of potential synergy, as well as security practitioners within the organization who could provide enterprise-level guidance if given the opportunity. The company benefitted from the wealth of new - and relevant - information that resulted from the assessment.